Incident Response Consultant, Talos, Uk - London, United Kingdom - Cisco Systems

Cisco Systems

Verified Company

London, United Kingdom

1 week ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

What You'll Do

The Cisco Talos Incident Response Consultant will work with Cisco customers, using established methodologies, to perform a variety of reactive and pro-active Incident Response related activities.

These may include emergency investigations of cyber incidents, threat intelligence research, proactively hunting for adversaries in customer environments, crafting and performing Table-Top Exercises, performing IR Readiness Assessments, and teaching an immersive Cyber Range workshop.

The Incident Response Consultant will also be responsible for consulting with customers on projects that will support tactical and strategic Incident Response business objectives.

Cisco Talos Incident Response Consultants will provide verbal and written technical communication concisely to a variety of customers.

They must have familiarity with participating in high stress investigations or critical projects, along with an ability to learn new concepts quickly and process them to create guidance or new instructions for handling an incident.

Who You'll Work With

When you work with us, you'll be part of a global distributed team of highly empowered Incident Response and Cyber Threat Intelligence professionals who work as a collaborative team focused on helping our clients be both better prepared to defend against adversaries on their network, as well as responding to active incidents within their network.

Who You Are
Both your clients and your colleagues consider you a charismatic, articulate individual, and a born diplomat.

You check your ego at the door and learn from others constantly, while also helping to educate those who aren't as well versed as you are in technical or procedural topics.

As a result, you have a track record of working tirelessly to help your clients and teammates and have even come up with some novel techniques in your time.

You are willing to routinely travel with less than 24-hour notice, up to 20% of the time.

Required Skills:

Respond to global cyber incidents caused by internal and external threats to our customers, that may involve nontraditional working hours.

Understanding of recent adversary attacks and how best to detect, contain, and remediate recent threats.

Foundational familiarity and understanding of host centric analysis using a variety of forensic tools (e.g. EDR, X-Ways, Volatility, Cisco Secure Endpoint, Velociraptor, etc.).

Familiarity with network forensic analysis with an understanding of how to leverage network telemetry to assist with an investigation.

Understands, and can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle as it relates to recent known adversary activity.

Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.

Be able to assist with scoping an incident, gain consensus on objectives with customers, and participate in a team of incident response consultants during an emergency engagement.

Familiarity with the theory of threat hunting, and how to proactively hunt for adversaries on customer networks using a variety of tools and techniques.

Understand the concept of Table-Top Exercises, and preferably have experience with conducting or participating in Table-Top Exercises previously.

Understand the concept of performing Incident Response Readiness Assessments for customers, and an understanding of performing interviews and document review.

Familiarity with the process of collaborating on developing written communication of assessments, and reports that may be both internal and customer facing, this includes communication to various levels including technical teams, leadership, and executive management.

Serve as a liaison to different businesses and collaborate with fellow team members and colleagues on other security teams.

Participate in IR related consulting projects as directed.

Be a contributor to process improvement. Help to develop and document process improvements to ensure efficient, consistent, and scalable consulting operations.

Interest in helping to develop public facing material such as blog posts, podcasts, whitepapers, or presentations at conferences.

Desired Characteristics and Experience:

Familiarity of current cyber security threats, attacks, and countermeasures. Such as Ransomware, Cyber Crime, Hacktivism and associated tactics.

Interest in recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities.

Preferred:
Prior experience in information security and experience handling or investigating cyber security incidents.

Must be willing to be on-call and work off-shift hours, potentially to include nights, weekends, and holidays.

IT Security Certifications

Preferred:
Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE.

Certifications are not a